Security Onion - Scaling SIEM for Enterprise Environments
Hack In The Box Security Conference via YouTube
Overview
Explore advanced enterprise-scale deployment strategies for Security Onion, the open-source SIEM solution, through a comprehensive 59-minute conference presentation from cybersecurity specialists Piroon Srisawang, Peerapong Thongpubet, and Korrawit Chaikangwan. Learn how to overcome Security Onion's default architectural limitations in demanding enterprise environments through practical case studies and custom component development. Discover solutions for implementing robust multi-team tenancy, scalable detection rule management, and granular access control mechanisms. Master the engineering of externalized login portals with enterprise identity provider integration including LDAP and SAML-based SSO solutions. Understand sophisticated access gateway development for role-based access control and logical data separation across security teams. Examine centralized detection rule lifecycle management platforms enabling version control, automated deployment, and standardized distribution of Suricata, Zeek, and Wazuh rules across multiple Security Onion nodes. Investigate high-volume log ingestion techniques achieving 100,000 Events Per Second using kernel bypass technology and DPDK for real-time comprehensive data analytics. Address ongoing challenges including threat intelligence integration limitations with STIX/TAXII standards and core system version compatibility issues. Gain invaluable insights into adapting open-source SIEM solutions for production-grade enterprise deployment, including critical architectural considerations, trade-offs, and practical lessons from augmenting community-driven security tools for demanding operational environments.
Syllabus
#OOTB2025BKK - Security Onion: Scaling SIEM - P. Srisawang, P. Thongpubet & K. Chaikangwan
Taught by
Hack In The Box Security Conference